Experteer Overview
In this role you help secure BESTSECRET's luxury e-commerce platform by leading hands-on security work across web apps, APIs, mobile apps, backend services, and cloud-native environments. You will collaborate with engineering teams to embed secure practices into CI/CD pipelines and modern AI-assisted development workflows without hindering innovation. You’ll identify complex vulnerabilities, provide pragmatic remediation guidance, and help scale security across distributed systems and Kubernetes-based deployments. This position combines hands-on testing, secure design reviews, and clear communication to reduce risk at scale. The opportunity focuses on shaping a strong security culture while
Compensation / Benefits
- perform hands-on penetration testing across web apps, APIs, mobile apps, backend services, and cloud-native environments
- secure Java applications (Spring/Spring Boot) and microservices, including API gateways and identity propagation
- assess and improve security across Kubernetes, containers, and infrastructure as code
- evaluate and enhance CI/CD security controls (SAST, DAST, SCA)
- review source code and communicate findings with pragmatic, risk-based remediation guidance
- collaborate with engineering teams to enable secure shipping without slowing innovation
Responsibilities
- hands-on penetration testing experience across web apps, APIs, mobile apps, backend services, and cloud-native environments
- expertise in business logic flaws, access control issues, SSRF, injection vulnerabilities, and privilege escalation
- experience securing Java applications, ideally with Spring or Spring Boot
- experience testing microservices and distributed systems, including API gateways, identity propagation, and secrets management
- solid understanding of cloud-native platforms (Azure, Kubernetes, containers, IaC) and CI/CD security controls (SAST, DAST, SCA)
- ability to review source code and communicate findings clearly with remediation guidance
Key requirements